Summary

VBS/First is the first virus to use Windows Scripting Host. This is a macro-like technique for Windows 98 and NT 5.0.

Windows Scripting Host macros come in files with VBS and JS extensions. You do not need any MS Office application or Internet Explorer in order to execute these macros - just double-clicking is enough to run them.

When VBS/First is executed, it will locate and infect other VBS macro files.

Additional Details

Two variants of the VBS/First virus will try to connect to Code Breakers website on the 15th of the month.

The virus is also shows a messagebox like this:

        VBSv v2.0
        by Lord Natas/CodeBreakers

The VBS/First.C variant (VBSV2.0) is able to infect both VBS and .JS files

[Katrin Tocheva & Mikko Hypponen]